What is OSPF Authentication used for

rdanieldrew1
Level 1

Hello,

 

I am studying for my CCNA Security and just came across a video talking about OSPF Authentication, but it didn't really explain why it would be used.

 

I know the purpose behind it is to send the routing updates securely, but why would you need this, if all other aspects of your network are secured?


Yachay
Level 1

Essentially, authentication is used to recognize which routers can participate in exchanging OSPF messages. For instance, a company has 4 routers and, for security reasons, they are going to use OSPF authentication. Every router will have the same password and key ID, so they are going to form an OSPF neighborhood. Let's say a fifth router is connected to the network with no good intention (it is connected to inject fake routes to fake sites). If that router does not have the same password and the same key ID, it will never participate in the OSPF messages and, obviously, it will never modify the routes.

Hi 

A good best practice is to use specific /32 networks in the routing protocols to create adjacencies, but imagine some network administrator has the following config:

interface g0/0
 description TO-HQ
 ip address 10.0.10.2 255.255.255.0
 no shutdown

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

or

 network 0.0.0.0 255.255.255.255 area 0

All of the network could receive routing information from, or create an adjacency with, rogue devices (not authorized devices) over some 10.x.x.x network. From my point of view, good practices are:

- Configure LAN interfaces as passive

- Set up the specific IP address to create the adjacency, for example use: 10.0.10.2 0.0.0.0

- Authentication creates a protection layer to avoid any misconfiguration, so not all devices will be able to participate in the routing domain without a password.

 

Hope it is useful

:-)

 




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<
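
The three practices listed in the answer above, applied to the same g0/0 link and OSPF process 1, as an added example that is not part of the original post. The user-facing interface g0/1 and its addressing are hypothetical, and the key ID and key string are placeholders.

```cisco
! Added example: hardened counterpart of the broad "network" config above.
! Assumptions: g0/1 is a hypothetical user LAN; key ID 1 and the key
! string are placeholders and must match on the HQ router.
interface g0/0
 description TO-HQ
 ip address 10.0.10.2 255.255.255.0
 ! Hellos on this link are accepted only with a valid MD5 digest.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <PLACEHOLDER-KEY>
 no shutdown
!
interface g0/1
 description USER-LAN (hypothetical)
 ip address 10.0.20.1 255.255.255.0
 no shutdown
!
router ospf 1
 ! Start from "no interface sends hellos or forms adjacencies"...
 passive-interface default
 ! ...then open only the link where a neighbor is expected.
 no passive-interface g0/0
 ! Match one interface address each, not 10.0.0.0/8 or 0.0.0.0/0.
 network 10.0.10.2 0.0.0.0 area 0
 ! The LAN prefix is still advertised, but g0/1 stays passive.
 network 10.0.20.1 0.0.0.0 area 0
```

Once both ends are configured, `show ip ospf interface g0/0` shows the authentication state of the link and `show ip ospf neighbor` should list only the HQ router.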

BTW, later Cisco OSPFv2 implementations also support the OSPFv3 syntax, where you can place an interface into OSPF using an interface command rather than an OSPF process network statement.

Hello

 


@rdanieldrew1 wrote:

Hello,

 

I am studying for my CCNA Security and just came across a video talking about OSPF Authentication, but it didn't really explain why it would be used.

 

I know the purpose behind it is to send the routing updates securely, but why would you need this, if all other aspects of your network are secured?


Basically to protect unwarranted OSPF adjacencies from forming within your OSPF processes/domain and also protect these rtrs from exchanging routing updates to unwarranted OSPF peers

res
Paul

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Joseph W. Doherty
Hall of Fame
By default, an OSPF device will form an adjacency with any other OSPF device as long as they have common attributes, such as network and area parameter (which can be determined by watching what an OSPF device is transmitting in its hello packets).

Also by default, OSPF edge networks (e.g. user networks) will allow an OSPF adjacency.

OSPF authentication helps ensure an OSPF adjacent device is authorized to exchange routing information with your device.